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PROBLEM TO BE SOLVED: To receive provision of services on a 
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information even in a plurality of domains. 
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(54) fifaSaagv'XxARrPBgEU— /-{t/Di^^A 



(57) [S$«J] 

>«:*j«,»r 4>igSEfft$ll*5l tiBtif 4 J: ^ (c-r -5. 




(2) 

1 

F • F^ — 3©loief2iE-t»---'-?©ji{ir F u;^ 

Ar^gfiSSn^ B?fiaiSiiEi>-— 'N'imrf2-y--t^;^lJ--^<i 
A. 

[gt*a2] iS#iBliatg©tS$S5aS->;^r-A(c*5t> 30 
r. SJgesii^S«. «>ria:?'^'?-!fj!P6f«jffl^cD I D, 

tg^SKsasnrt^sBjiasisiJtimiiksu, -^r 

S h ©*SB3fB{lA1SfBfait#gtc *n«iff tcffjffl^fc 

3 ] 1 umommiBMiy:^ T^AtctJt,^ 
■r, fitaiijf Fy-^>Bf^##©«. fra^tf F^-f>sB 

[if^4] if^iliiaK®ft$SteS~>X7"A{c*5t,» 
-c^$ n/cS?iaa?iEts« i . HuK^tf f ^ 

©•CBtff . ^$n/ctyiamT F y >tt$BRC/mria F 



!^g92 00 2-2 3 6 66 2 

2 

i 4 «F® i -r -S tiHK*ttffi-> ;^ 7^ A . 

[fi*3S5] it««4g2iS©ts^a->;^7"A«:*s(,> 

T, mtz^ '^^-m7^ms.. fiia:/v'?-!frs<iLfci 
Mia + -i%?f ^ - s?tji ccf ai$ $ n/c Huta^tt#BS 
u^Mia F^ >t»f8*>e>«?fat> v +-«r^b. ^Jiar?- 

[i»*a6 ] rntrn 1 iaS£©tt^ffiJ^;^7^A«:*ii» 

■c. Suia^f +-^tT^|g*iB>!ia:^7"?tfCc«€?iiA/c 
ijiaf f ^g[i':/+-+{ciaa3nft: 

^^mSit^vcnth c i J: •) . • Bfriar^^ '^^ifiwt^ 

«te«S';^-?"A. 

r. Uiai'7'CT> F±t?S6{'P^ 4^-:^ 7 F±o 

«:a«.3n/c<lA1fflB3!p6^L. i2aER®ielt#Sic 
SaEJCM-r Stf^^SSr iSSE*© <»: . »ff F V -f > 

IBtt#©«ctatf.dn-rt»S. ::^^'?-tf{cft«€r»*jitf 

/ca)<Di'-y4^-*^?7-r*-f>4'-^f F • F-^-/>« 

*«-r«fT Fy -f >t»««:B{» L , mU^ ^-CD F y 
>Mt4^^f F^ -OltfS^SfefiX-rs^tf F^ -f>SX 
'^WlL. B!riBy7'?ifK:^tU-CmrfBi'--'^-^Stfji 

■j/if'Nfifiae' f i=-©##ji*€:?T^ =^^-^tT 

^a<kL/-C^tgS-tt.2><»: i4>K:. r3> fjL-4J(C F> W 
>««?9l*ie%ffil,»-C-f>f-*7 F • F^-f>«*>6 

iiftr FU';^--s:^-r^.«B>iJ!?^i^->'-<ibrtstg?i± 

^>«*g»^1*--''0-a4^^Aiai)3L-C*!iS*?fC\ S 
^©S^i*^^^'-*^ F • F^ — 3©B?sB® 

iiEif-^<©iifir Fux-^-Ka-^W. a^©B^S■!^-i^ 

A. 

[iS^:58] !t:^^7iaiS©^iE-9— A:7'n5/'^A{C 
*sl,^-C. BUfBSaE^gfi. B5tB:/7"?1f*>6*<Jffl#©I 
-'>-;^>7-Ffe<!:-©8li8iJtS«*«l:tBX»5, fJiiafliAtS 

$gtait#is(csa5 nr I ^ bu leis^ots^E i itsj l , — 
mr -5) ©dsfJiaffl Atf^IBiS^SK: *n iif/c (cfijffl 
^tcM-r -SSSEtim^flFfiK or mrfBSSE«-^ffiit#eK: 



(3) 

3 

SE^g-C^fiXS nyttJf BSaEttSl i . «iIfB%?f F ^ > 
milB F^ -C >ttfE3!P6. tJlBy^ -^tf K:*f LrfTiBi' y 
■Ji-SB5fBi'5>+-«?f-^-2^?&^eRO. ^/tf 
[ii^ 1 1 ] if«^l OiBi£©^aEl»--^N-:/ai^5 

gEtt^RRO'ltrlB F^ A >t*?g3!P6B«fBi' 

1 2 ] n-^^ 7 iB«8©^-!f->'^ 7-a A 

■c*ijffi^cc;K'9ntif-i^;^*ffi«-r.SH!ifB-t'--t;^if- 30 
-'N'K;*jt,>rl5tib. wflB^ -y+-l%?T#l8«miiB:/7>:7 

4>(csB^$ nfcfir£@SEt*^<!:mr§B@aE4^.^tS#IS(c 

^a^nfcmflB^iEtSISi^tb^-r^CiJCJ;!?. BofB 

■5►S^iI■t^-.'^•7■a 4/"7 A. 

[000 1] 

*JW.S'7-;1'F • ^-f F • -^7*^^ (WWW) fcHL, !|f 
(C'7-;UF • ^-f F • ■?x:;^^ftJffiUftf--^f(CTi'4z 

[0 002] 

[Sf3fe©S?l51 Kc*JWa7-;UF ■ TJA 

F • ■^7x7' (WWW) tfAifUfflbrt » -2)47 7 

if) iminaT'ai'^A^fflti-c. /^.Y-'^•-f^+>^^ 

|gjM::'"a (HTTP) «:/M^T-f>4»-*!y F± SO 
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c(DB#. Kf#-r2.';y-;^«. F'7-4'*/m^ 

fcSiK??i£*fi3Ef 2>a-7*-A • ^iv-T. ■ air- 
^ (URL) tCj:^-CJiS3tl5. COURLtCMOr 
-04?-^»^ F^Je-C*-5RFC (Re f e r en 
ce For C o mm e n t ) © 1 7 3 SSi 1 8 0 
8#«:i¥l/t». 

[0 003 ] — fiSfC, WWW-!^--'N'±© 'J V-;^©BXf# 
if-z^fc^urni'-r^L. a!aE*SWfc1$SJ---!f«: 

ux. 0-25704 8#4ifii (JWT. st*a 
{151 K:j:^,:^-ctt. *.2>-9--.'-«®D v-;:^*ffi^-rs 

(cookie) i br##iAtf, c^i* 
■)tf©— ^te-C*0. •^--/N-d^'P.HTTP-CjMftSn/c 
^*:?'7t;ifrtt?fBltt?#. &.^C(D-y^^'i^^t/iif— 

■c#/t r?"^ •StftcS* brWSn y-r > s-e-s c i ?t < # 
w© y y ^<*>6Bt»r i c 

[0 0 04] m(ia4'7+-«. -http://hom 
e. netscape, c o m/ newsref/st 
d/c o D k i e_s p e c. h t m 1 " ©URLTBl 
f#-Ct5 "PERS I STENT CLIENT ST 
ATE HTTP COOKIES" (JWT^^SSfl 

[0 00 5] cc'Ci¥i^-r'5i. •9■-^^•*s:?•7■^;1f{c^^ 
Lr4'-^=^-?r»#3i&I^K:tt. HTTP-C©jHt©^ 
(CS e t -Co ok i e'v.-yd^'&^-r-S. Set-C 
o o k i e^y 4^©«S:ttfelT©ji'5 "C* -S. 

[0 0 0 6 ] S e t -Co o k i e : NAME=VA 
LUE ; ex p i r e s =DATE : path=P 
ATH: doma i n=DOMA I N_NAME : 
secure 

COmZ'P. "NAME = y ALU E" (ommit'Mm<D 



5 

Set-Cooki e-^-y 5^{CO(,>r®IS{C|fi?ari. 
"NAME=VALUE" i^v=^~(DiSm 
(NAME) t^om (VALUE) ^rJi^-TS. "e 
xpires = DATE" ©]Sa«W3ai»3Kil1±«r« 
L. 4' f^-OWJaSBiiS (DATE) =&JiS-r.5. C© 

ttjii, "doma i n=DOMA I N_NAME" 

<rri-tf-M©Ky^ DOMA I N_NAME 

[0 00 7] *;^h«iB. h±t?1f-^-? 
^m^ri>fc^(D^m-C$>i>. tctXlt, "acme, 
com" it,»^ F^-r>tflS?: K^-r^JSSiL-C^O 
i' v +— ti. "anvil, acme. com"-?>"s 
hipping, crate, acme. com"^c<!: 

Rg^nS. M^it. B?lfB"acme. com" il,^^ F 
y ^>^^^t^'^i' v^—it. "www. nec. c 
o. jp" <bi,»5*x F«i««:^— S:b«ct»©-c. 

^•^'•tftt. 1^"— '"^ "www. nec. co. jp"*^^ 

[0008] "pa t h = PATH" ©3SSl*gSSjltt 
■^^mm-T'^^^^^l^^-r^, "secure" <DmS 

B. c©iitt*ijgs$nyti' -y ^~avimtrj:t'x-mm 

3 n/cH T T P3i<l-C©*2lft-r -c* -5 C i =&f§3e 

[000 9] :?'^'5lf*«-9---'<«:i?5'=1^-%^<i 
■r-SIStCtt. HTTP-C®ag©Bg«:Cooki c^-y 
if^mmn. C o o k i e 5, if<DmZit&rF<OM "D 

(00 1 0] Cook i e : NAME=OPAQUE 
_STRING: NAME = OPAQUE_STR I 40 
NG ; . . . . 

•&NAMERC/OPAQUE_STR I NGiCS e t - 
Co ok i eri>---'-«*»6S*ii*ti)t "NAME=V 
ALUE" ©Slt^JlHtiSttiS. mWLm<DPv'¥-ifi 

[ 0 0 1 1 ] Sfc. !|#§3¥ 1 1 -28 28 0 4-^4i$B 

3>>©-9--trx4-^>d'-*s. Fraiei-r4/c«>©we b 



«Fra2 00 2-2 36 6 62 
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y^^'^Ui' F^te**«JfflL-tt,»-5, We bt>— tr;^t#— 
/■JAiSfilT-s v-;^K:*jt»r :x-tf©igaE*J!£:>S<»: 
ofcti^. Web-9•-t^;^•!^--'<«:/■5•51f«:3torw 
ebSiElf->'-«-^©';i^-^Ui' F^^J&jMftr-S), 

^^-CfgJtStlfcWe bSaE-9--''<«:3*LrTi'42;^*tf 

©SSH»««: J: Wc^ca.-- y {c^t OT ta i)'-^ >M®€rfl 
^•r-2>C<t^cL(CSSEj»*-C*4Ci€rWe bD—i:::^ 

[0 0 12] 

[^Bj*«^^Li5 i-rsg^s] fufaufejc^cc. ^7 

^^rna:. F^ -OJSttrfgsufc F^ ^If^Ria:^ 
— sfe-rs*;^ FiS^^o-y— y^ccr 4'-fe>^r4«^{c|iB 

d^O: r'7't»-!fK:F.^-<>Mtt?:J§Sl//cJ' 

>Jgit-CJi^Lfc F^ >fS«*9l:&-St©?g-c^tf 
-!f-^>-{CRB6n-5.. J:-7-C. |5IC F.^-r>ttf8?^!^^ F 
«{C#tf!J-->'-f|5±-C»lRlDi'f +-©li#j^*. BX^ 
*JorfigT*i*i. F^-f>««^^-:J•!^'--'•«P^|-C»|5l 

[0013] Jc-^r, l^iii>-<yi'-:^--y F - F^'('> 

-/>L//c:x— »f©a!iEit#fi*7'7'i7lf©d' ydr-^UX 
m^^tc^bxh. afJ©F^'('>±©-9— ^--CTli^^ 

ffir*«f*itcl,>. J;o-C. !fWSF.X'r>±©■l^- 
>'^•?:fOT•r•5«K:P^^-^>^L.ii:L. mtcics^mm 

[ooi4]^c-c. ^mm<Dnmti^wmit. -of- 

F{c*jl:taSfa©SJ^c-2.+>:^ FS*}*-o-9--e;^S 
^-y-w'^KfctJr. — S^y-^>^^ns:&^f•^3t-^>5^- 
©■If - fc^;^ffi«-9— -'f±-c-9-- e;:^©ffiei*sw -5 c <»: 
*s r t -5 ;^ 7- A i n fcffi c » 6> ti s i2aE-9- - 

[0015] 

■^>*!Haffi©-»--''^tC^©-f >d»-*5» F • F>-/> 



2- + -*5i2iE s nx i» *>*iK-r st^- - tf ;^ if i * 
Bi^iBSaE•^^-^•<«. mi^'7'(r>h±-vsii'!pr 

o. issEt»;siiBts^KfcisiEtcK-r-5it«=&ssr4^ 

*>6©g3RK:)^L<-CBljfB:?'^'t?-!f->-B>/tBi' 

n. mrfa-!J--e;^-!^ stria i'i'+-^?T^I5fr% 

itirfBt*-- fcrxtf->'<i*smiaL/r«j{'^-r 4 c i 
[0017] *^Bj{ci*atf. msxmxamiy:^ 

^©ID. K!tt<t'©ISISiJtSIB*SWiR'3. MiB 

iiAtimiBte^etc sn-c i,» i,m^vsm t im 

0, — g:-r-5fc<DA5miB^lA1tfBiBlg^StC*ni*8ffc 

[0 0 1 8} S/c, *|feBj«:j:n«, t?5Blf«U!iiS'>;^ 

4glML.fc F^ >tt«4^-r i^r^Sit-rSlf 

$8A2:SS^ ^ 7^ A *iff 6 n 5 . 

[0 0 1 9] sfc. *^?8{cj:n«. i5ia««MSi^;^ 
iBSH^iar^fiXsnfcBiriaisstiiai. mfta^tfFy 
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>a!t»^g-CMf . 3 nfct3IB^?T F ^ 

Siytgi^Fy-f >ts*S35p6. mr^'JifccjifbTtiria 
iift r c <!: 4 i -r tt«*as X A *i(f 6 n 

[0 020] t/c, *:^WtcJ:nii. miiBttfB^Si^;^ 

T^AKfct^r. frfBd':'^-^?f*i2B. fria:?'^>?if 
•csiSb/ctjgai' f +-^ff'<-s^««:ffijssnfctfrga 

10 gSEtftf BRO'iTfe F ^ -f >m^tft P,lirga i' + - 

U. f9iB:/5-?1f*>6©iifil|3j?B#(c^^d7.:,:^-?:Bj 
ia:/7 If {cStiitf c i ^^fSi <!: f *t»«*affiS^:^ 

A*Jf#sns. 

[0 02 1 ] *fc. *^jtcj:ntf, mm^^mtyT. 
T^Atcfct^r. BfriBi' 

v^tcfet^-c. Buiai' -^=*=-Btf^©*«BiriB:?'7'^-!f(c» 
*Ji^/c«rla^' =^^-=&R*jii^. ^Ki^ -.f ^-^kib 

20 n/iim^aSiEW^<»:*i:h^^2>C «t«cJ:i3. tijia:/^':> 

If AsgEtcssE? tixy.^i>ifii£') ii^^m'S.r set 

[0 02 2) S?c. :$:^HjK:J:n«. n>t*-$tc. 
5 T > F ©^*tcS-:Jtit: i' if ~^mfr -SSaE 

yf!f - e::^ 1f-/N':r a A i Sii L -cSfif^T-SISiElf 
-y%-:/ai'7Ar*-o-c. tiriB4'^-<T> h±-cS6f^^ 

30 BUia:7'-7 0-tf ^rfiJfflbm-SfiJffl 

«€:fflAt»«iBtS^Stcfett3 n/c{iA1ti{*^6^aE 
U. |gaE<^?lia«#l8K:SiI«:Kr^)1«IS«rSm-rss 
SE^Si. »ff F>-<>gatt#ia;{cffitSS*iT«r>S. 
•7'?1f{ctS«4StjAtffcJ«>(Dd7 y^-^mr-Ti-O 
ii-^v F • F^-f >«€^-r^ff F^-<>t»fB=&aXi* 
«riBi'2.+-©F^-<>J!ltS«ra-rF^-f>fSffi* 
4^t--5.l%?fF^-f >lX?¥#K<i:. mriB:/7'?lfK:S*L' 

40 *'6©M^K:*tLt:B«fa:?'^'f if^tJIBi' v 

-^vh • F^ -Y>«3&>6a<tT Fu;^^^lft-r^>«B« 

»?9i1f — '^• -t L ^ t!r«9l1f — '< :fOif^A 

F^ P©BJgBSaif-''«DiiftT F U;^'^R| 

ia-:yw. a^sc®B^fB■tf-tr;;^•^f--'^•*^^)^tjibrl2iE^!l 

a*tT ^ «fc '5 tC 3 > b- a. - testis -I* -S C i i 
50 [ 0 0 2 3 ] Sfc. 3p:»?9tcj;n«. ifrffiSiEtf--'f 



C6) 



Dy^AW:^dli"C. friE^iE^IS^i. mtE^'y':?^iPh 

-aXft^S i b -C n > t' ^ - ^«tg $ -IJ: ^ /c:5?)(7:):/n 
[0024] ^/c. *^?BK:J:nrt. t?fB^iElf->'>*^ 

-S^iE-y- :7* a y ^ A:&5^ 6 n ^„ 
[ 0 0 2 5 ] */c. SuiBiSiiElf->'0" 20 

r8?IBi5^ +-€:S*3it^friBt57 --^ -^?T*K^©ffl 

[0 026] *:»BJCC J:n«. fiiBISiElf-^''?::^ 
od/^AtC*5t>r. HulBi^^^^t^-Stf^^t^. tulB:/^ 30 

MtB^tf $KSLCmiB ^ >1t$B^?>8iriB^ 

mriB:/^'^1f*^^<3Wl(lS*BS«:^Sd?-^=^-- 
*BufB:/^•>tf^cS#iAt^ci*!l^^■r-^»^iE1^-^^* 

^-ud^-^A^iff^n-s^o 

[0 02 7] *^HJ{cJ:n«. B5iE^aE1f-^<:/ 

Dd/5Atc*5t^-c. mz^ v^-m^^Wi\i^. -(zy^- 

h±-c?fJ^^«:«>i?3^j:lf-tr;^^^T'SmriB1f'- 

fBr^7'^1fW:«*ii^/cl^ri^^^'+--^K*iZ^*. 40 
^ =t=--il3tcfB^^n/cmiiB^iI1f$8it5iB^.fEt^«^^^ 
tS^SCcSIB^n/cUiB^iEttfBi^ribST^C iK: J: 
HoiB:/7'?lf3&5eE«:SiESnTC^S*it'^*^*flS 

-r^ate^fii^. m^fB1^-tr:^1f->'^'<?:ffiia•r^>c<b* 

Its i T -5 ^ 1^ - ^ 7' n -7 A :;J)Sf# e> n ^ . 
[0 02 8] 

[ 0 0 2 9 ] la 1 itt:$i^B^(DmM(oBf^^(^J:^mmmm 

S^^^f-A^^RS^^f 0r*-5)o 50 
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[0 03 0] sitc5^t-<t^>oc, mmimzy:^^^^! o 

^^^ftt--5>/c^t)0«f?^^lt1f->'^'2<?:. ^^^C^>^- 

JU F • 7 F • X • tf-^^ (WWW-tf--^^) *««if¥ 

UrCi€>ffila01f-tf^1?■->'^'3 :i-1fCDPy-^> 

«S^r)B^t■^■-^^•^cI^7A. 
py^A, RO'^iE1f->'>':/n^^A4^Ccl:ot:. 3> 
t* - 5? ^ ^ t f if ^ C i 1? ^ ^ , 
[0 03 1 ] d^-^YT^F liCCti. :/^':7lf 1 l3&i«i 

[003 2] S/c. &mm^'^-^'<2±l.C{tY^^>^ 
1 2 d^tbfl^ or *5 D . F ^ ^ >1t^tBtS^g 1 

^tfori^-^o Fy-r>«fi?9^^l9:i 2«-jKccFy-r 
> • :^-A • if-^'N- (DNS) <hBf«n^>fe©rs>D. 

KDSii%tE3ffib/cRFC<Dl 0 3 4Si 
1 0 3 b^a(,cm^tStiX\.>^o 

[oo33]aittF-^-Y >itfgiai*^S5 <om^m^ 

[0034] 

[^1] 







TW, j r-odekake. net 


123.4,5,6 


vw. j rvest. CO. jp 


10.5.6.7 



[ 0 0 3 5 ] ^ 1 ^ij^TFdr^i. Twww. jr-od 
ekake. netj it^^J^X FigjJJ^ fl 23. 4. 
5. 6J ili^ilMT FU;^«:^^Sn. Twww. j 
rwest. CO. j p j <bl^ ^ d^:^ r 1 0 . 

5. 6. 7 J tt^^iiftr Fu:^tc^&5n^c<h%7S 

[0036] F^ >««^*S 1 2 \t. 
t?^tfw<2±-CS^L/rS!if^Lri^rfei:< . */c. F 

[0037] lf-e;^1f-/^3«:»WWW1f-A;5r«a6ff 
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[0 0 3 8] Sfc, mwtD'-^^4±iiChlf--\^:^V'-^^ 
*5*D. r/^'^lf 1 l3&>6<DHTTP*fiJfflL/cilfi?:S 

fS^S 1 5 : m'f :yWM^^ 1 5 -CWLni^fc K 10 
-^tf^-s^jHa^ei 6. lll«K::/^'5lf 1 iccML/ 
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zpitome 

:57) [Abstract] 

[Technical problem] The Internet browser which performed log in processing once enables it to receive offer of 
service on two or more service provision servers in a service provision server with the host name from which 
the plurality in the Internet differs, without performing log in processing again. 

[Means for Solution] It enables it to succeed authentication information also in two or more domains by writing 
in a browser the Cookie which gave two or more host names to one server for log in processing, bundled up by 
the server for the log in processing, and had the authentication information over each service provision server. 
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;Claim(s)] 

"Claim 1] The name resolution server both changed into the communication link address from the Internet 
domain name using a domain name solution means as it is characterized by providing the following is used. The 
Internet domain name from which plurality differs is related with the communication link address of said one 
authentication server. It is constituted so that authentication processing can be performed in common from said 
two or more service servers. Said service server Read said Cookie published with said Cookie issuance means, 
and have a Cookie acquisition means to judge whether said user using said browser is attested, and it is 
constituted. Information processing system characterized by said authentication server and said service server 
operating in cooperation The authentication server which publishes Cookie based on the demand of a client It is 
an authentication means is equipped with whether said Cookie is attested and the service server to judge, and 
said authentication server retrieves the information on the Internet which operates on said client, and receives 
the demand from the browser to display, attests the user using said browser from the individual humanity news 
memorized by the individual humanity news storage means, and accumulate the information about authentication 
in an authentication condition storage means. An issuance domain acquisition means to generate the domain 
information which acquires the issuance domain information that the Internet domain name which publishes 
Cookie for writing information in a browser memorized by the issuance domain storage means is expressed, and 
expresses the domain attribute of said Cookie A Cookie issuance page sending^out means to transmit the 
Cookie issuance page for writing in said Cookie to said browser, and the Cookie issuance means which writes in 
said Cookie to said browser to the demand from said browser 

[Claim 2] In information processing system according to claim 1 said authentication means Identification 
information, such as a user's ID and a password, from said browser Reception, If the authentication information 
about a user will newly be created and it will accumulate in said authentication condition storage means as 
compared with said identification information accumulated in said individual humanity news storage means, if a 
match is in said individual humanity news storage means, and there is no match Information processing system 
characterized by notifying authentication failure to said browser. 

[Claim 3] It Is the information processing system characterized by generating the domain information which 
deleted the character string which said issuance domain acquisition means acquires said issuance domain 
information from said issuance domain storage means in information processing system according to claim 1 , and 
expresses said authentication server from said issuance domain information. . 

[Claim 4] It is the information processing system characterized by to generate said Cookie issuance page which 
performs the communication link to said Cookie issuance means which writes in said Cookie to said browser 
from said authentication information by which said Cookie issuance page sending-out means was generated with 
said authentication means in information processing system according to claim 1, and said issuance domain 
information acquired and generated with said issuance domain acquisition means and said domain information, 
and to answer a browser 

[Claim 5] It is the information processing system characterized by generating said Cookie from said 
authentication information described in said Cookie issuance page which received said Cookie issuance means 
by said browser in information processing system according to claim 4, and said domain information, and writing 
the Cookie concerned in a communication link demand from said browser at said browser. 
[Claim 6] In information processing system according to claim 1 said Cookie acquisition means In the service 
server which provides a user with various services on the Internet By reading said Cookie which said Cookie 
issuance means wrote in said browser, and comparing said authentication information described in the Cookie 
concerned with said authentication information accumulated in said authentication condition storage means 
Information processing system characterized by judging whether said browser is already attested. 
[Claim 7] While carrying out the function of the authentication server which publishes Cookie to a computer 
based on the demand of a client It is the authentication server program which operates in harmony with the 
service server program equipped with whether said Cookie is attested in the service server, and the function to 
judge. Retrieve the information on the Internet which operates on said client, and the demand from the browser 
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to display is received. An authentication means to attest the user using said browser from the individual 
humanity news memorized by the individual humanity news storage means, and to accumulate the information 
about authentication in an authentication condition storage means, The issuance domain information that the 
Internet domain name which publishes Cookie for writing information in a browser memorized by the issuance 
domain storage means is expressed is acquired. An issuance domain acquisition means to generate the domain 
information showing the domain attribute of said Cookie. A Cookie issuance page sending-out means to transmit 
the Cookie issuance page for writing in said Cookie to said browser. While making it function as a Cookie 
issuance means which writes in said Cookie to said browser to the demand from said browser It processes in 
harmony with the name resolution server program operated as a name resolution server which uses a domain 
name solution means for a computer, and is changed into the communication link address from the Internet 
domain name. The authentication server program characterized by making it function on a computer as relating 
with the communication link address of said one authentication server the Internet domain name from which 
plurality differs, and performing authentication processing in common from said two or more service servers, 
[Claim 8] In an authentication server program according to claim 7 said authentication means Identification 
information, such as a user's ID and a password, from said browser Reception, If the authentication information 
about a user will newly be created and it will accumulate in said authentication condition storage means as 
compared with said identification information accumulated in said individual humanity news storage means, if a 
match is in said individual humanity news storage means, and there is no match While having the function which 
notifies authentication failure to said browser, said service server program The authentication server program 
characterized by being a program for operating as a computer whether the user who read the Cookie published 
with said Cookie issuance means, and uses said browser is attested as a Cookie acquisition means to judge. 
[Claim 9] It is the authentication server program characterized by generating the domain information which 
deleted the character string which said issuance domain acquisition means acquires said issuance domain 
information from said issuance domain storage means in an authentication server program according to claim 7. 
and expresses said authentication server from said issuance domain information. 

[Claim 10] It is the authentication server program characterized by for said Cookie issuance page sending-out 
means to generate said Cookie issuance page which performs the communication link to said Cookie issuance 
means which writes in said Cookie to said browser from said authentication information generated with said 
authentication means, and said issuance domain information acquired and generated with said issuance domain 
acquisition means and said domain information in an authentication server program according to claim 9, and to 
answer a browser. 

[Claim 11] It is the authentication server program characterized by generating said Cookie from said 
authentication information described in said Cookie issuance page which received said Cookie issuance means 
by said browser in the authentication server program according to claim 10, and said domain information, and 
writing the Cookie concerned in a communication link demand from said browser at said browser, 
[Claim 12] In an authentication server program according to claim 7 said Cookie acquisition means In said 
service server which provides a user with various services, it functions on the Internet. Said Cookie issuance 
means by reading said Cookie written in said browser, and comparing said authentication information described in 
the Cookie concerned with said authentication information accumulated in said authentication condition storage 
means The authentication server program characterized by having the function to judge whether said browser is 
already attested, and cooperating with said service server. 
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iDetailed Description of the Invention] 

[0001] 

[Field of the Invention] This invention relates to authentication approach and program of a sake of the user who 

accesses a server especially using World Wide Web about the World Wide Web (WWW) in the Internet. 

[0002] 

[Description of the Prior Art] The World Wide Web (WWW) in the Internet is structure which acquires a file and 
data (resource) from the server (WWW server) which is generally on the Internet through a HyperText Transfer 
Protocol (HTTP) using the Internet browser (browser) and a called program from the client which the user uses, 
displays a text, an image, voice, etc. and is reproduced on a user s browser. The resource to acquire is specified 
by the uniform resource locator (URL) which specifies the connection method through a network at this time. It 
is detailed to No. 1738 of RFC (Reference For Comment) which is the Internet criterion about this URL, and No. 
1808. 

[0003] Generally, although acquisition of the resource on a WWW server is permitted to many and unspecified 
users, the exchange of an in-house document or individual information, transfer of money, etc. need to log in to 
a server, and need to permit authentication only to a carrier beam specification user. As the approach of the . 
authentication at this time, the approach shown by JP.10-257048,A (it is hereafter called the conventional 
technique 1) is mentioned. By the approach by this conventional technique 1, when acquiring the resource of a 
certain server and authentication is needed, once a user logs in to a server, a server will be written in the 
browser for which a user uses the information on the purport that it was attested by log in processing as Cookie 
(cookie). This Cookie is one function of a browser, can memorize within a browser the information transmitted by 
HTTP from the server, and in case this browser accesses a server henceforth, it can also make both the 
information accumulated into the browser as Cookie transmit. Henceforth, in case a browser [ finishing / 
authentication ] accesses a server, the Cookie in which it is shown that it is authentication ending is passed to a 
server side, and a server answers a letter in the resource for specific users, without acquiring authentication 
information and making it log in again to the accessed browser with the passed Cookie. It becomes possible to 
acquire the resource for specific users from a server continuously by the above, without logging in again, once it 
specifies the user using a browser and logs in. 

[0004] Said Cookie is detailed to ''PERSISTENT CUENT STATE HTTP COOKIES" (it is called reference 1 
below) acquirable by URL of "http: / /home.netscape.com/newsref/std/cookie_spec.htmL" 

[0005] If it explains in full detail here, in case a server will write in Cookie to a browser, a Set~Cookie header is 
transmitted in the case of the communication link by HTTP. The functor of a Set-Cookie header is as follows. 
[0006] Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN.NAME; secure — the item of 
"NAME=VALUE" is indispensable information among this functor, other items are omissible, and when it omits, 
the fixed value shown in reference 1 is used. Hereafter, a Set-Cookie header is explained simple. The item of 
''NAME=VALUE" specifies the identifier (NAME) and value of Cookie (VALUE). The item of ''expires=DATE" 
expresses an expiration date attribute and specifies the expiration date (DATE) of Cookie. When this item is 
omitted, the termination event of a browser serves as an expiration date. "domain=DOMAIN_NAME" expresses a 
domain attribute and specifies as DOMAIN.NAME the domain information on a server that a browser transmits 
this Cookie. Assessment is performed by the Internet domain name (it is hereafter called the host name) and 
right side match in which the server has assignment of domain information. 

[0007] A host name is an identifier for identifying a server on the Internet. For example, the Cookie which has 
the domain information of "acme.com" as a domain attribute is in agreement with host names, such as 
"anvil.acme.com" and "shipping.crate.acme.com." However, the server which can distribute Cookie with a domain 
attribute is restricted to a server with the host name which carries out a right side match to the domain 
information specified with the domain attribute. For example, since the right side match of the Cookie with the 
domain attribute of the above "acme.com" is not carried out to the host name "www.nec.co.jp", a browser 
refuses the reception of such Cookie from a server "www.nec.co.jp." When this item is omitted, the host name 
of the server which writes in Cookie is used as domain information. 

[0008] In case the item of "path=PATH" expresses a path attribute, is compared with the path information 
shown in URL and which resource in a server is acquired, it specifies whether a browser should transmit Cookie. 
It specifies that the Cookie with which, as for the item of "secure", this attribute was specified should be 
transmitted only by the HTTP communication link protected by encryption etc. 

[0009] Moreover, in case a browser transmits Cookie to a server, a Cookie header is transmitted in the case of 
the communication link by HTTP. The functor of a Cookie header is as follows. 
[0010] Cookie: NAME=OPAQUE.STRING; NAME=OPAQUE_STRING; .... 

Each information on "NAME=VALUE" written in each NAME and OPAQUE.STRING from the server by Set- 
Cookie is specified. When two or more Cookie is written in the browser from the server, it is divided by";", and 
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more than one are put in order and it is transmitted. 

[001 1] Moreover, in JP.1 1-282804,A (it is hereafter called the conventional technique 2), it makes it possible to 
share and use a Web authentication server by the Web Service server which has more than one by separating 
the Web Service server for offering a certain service by the Internet to a user, and the Web authentication 
server for attesting each user. This uses the redirection function which the browser usually has. When a user's 
authentication is needed in the resource which a Web Service server offers, a Web Service server transmits the 
redirection instruction to a Web authentication server to a browser. The browser which received the redirection 
instruction is accessed to the Web authentication server specified with a redirection instruction. The Web 
authentication server accessed from the browser requires a log in of a user, when it judges whether the browser 
is attested or not with the Cookie in which it is written by the browser and the browser is not attested When a 
log in is successful, authentication information is written in the Cookie of a browser. When authentication takes 
place again, it notifies that it is authentication ending to a Web Service server, without requiring log in processing 
of a user again using the authentication information on Cookie. 
[0012] 

[Problem(s) to be Solved by the Invention] The server which can write in the Cookie which the conditions to 
which the Cookie written in the browser is transmitted to a server as described above were limited when a 
server with the host name which carries out a right side match to the domain information specified with the 
domain attribute was accessed, and specified the domain attribute as the browser is restricted to the server 
which includes the domain information specified as the host name with the domain attribute in the form of a right 
side match. Therefore, although the writing of the same Cookie and acquisition are possible at the servers which 
include the same domain information in a host name, the writing of the same Cookie and acquisition cannot be 
performed between servers with a different domain name. 

[0013] Therefore, in the server on another domain, though the authentication information of the user who logged 
in by the server on the domain which is the conventional technique is written in as Cookie of a browser when it 
is going to use the same authentication information between the sites which are operating on a different Internet 
domain, since the Cookie concerned cannot be read, taking over of authentication information cannot be 
performed. Therefore, whenever a user uses the server on each domain, he needs to do a log in again, and he 
newly needs to acquire authentication information. 

[001 4] Then, the technical technical problem of this invention has the Internet browser which performed log in 
processing once in a service provision server with the host name from which the plurality in the Internet differs 
in offering the information processing system which can receive offer of service on two or more service 
provision servers, without performing log in processing again, and the authentication server program used for it. 
[0015] 

[Means for Solving the Problem] In this invention, the information processing system which enabled it to 
succeed authentication information also in two or more domains is offered by writing in a browser the Cookie 
which gave two or more Internet domain names to one server for log in processing, bundled up by the server for 
the log in processing, and had authentication information to each domain. 

[0016] According to this invention, it has the authentication server which publishes Cookie based on the demand 
of a client, and whether said Cookie is attested and the service server to Judge. Namely, said authentication 
server Retrieve the information on the Internet which operates on said client, and the demand from the browser 
to display is received. An authentication means to attest the user using said browser from the individual 
humanity news memorized by the individual humanity news storage means, and to accumulate the information 
about authentication in an authentication condition storage means, The issuance domain information that the 
Internet domain name which publishes Cookie for writing information in a browser memorized by the issuance 
domain storage means is expressed is acquired. An issuance domain acquisition means to generate the domain 
information showing the domain attribute of said Cookie, A Cookie issuance page sending-out means to transmit 
the Cookie issuance page for writing in said Cookie to said browser. While having the Cookie issuance means 
which writes in said Cookie to said browser to the demand from said browser The name resolution server 
changed into the communication link address from the Internet domain name using a domain name solution 
means is used. The Internet domain name from which plurality differs is related with the communication link 
address of said one authentication server. It is constituted so that authentication processing can be performed 
in common from said two or more service servers. Said service server Read said Cookie published with said 
Cookie issuance means, and have a Cookie acquisition means to judge whether said user using said browser is 
attested, and it is constituted. The information processing system characterized by said authentication server 
and said service server operating in cooperation is obtained. 

[0017] According to this invention, it sets to said information processing system. Moreover, said authentication 
means Identification information, such as a user's ID and a password, from said browser Reception, If the 
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authentication information about a user will newly be created and it will accumulate in said authentication 
condition storage means as compared with said identification information accumulated in said individual humanity 
lews storage means, if a match is in said individual humanity news storage means, and there is no match The 
nformation processing system characterized by notifying authentication failure to said browser is obtained. 
[0018] Moreover, according to this invention, in said information processing system, said issuance domain 
acquisition means acquires said issuance domain information from said issuance domain storage means, and the 
nformation processing system characterized by generating the domain information which deleted the character 
string showing said authentication server from said issuance domain information is obtained. 

]0019] According to this invention, it sets to said information processing system. Moreover, said Cookie issuance 
Dage sending~out means It acquires with said authentication information generated with said authentication 
Tieans, and said issuance domain acquisition means. Said Cookie issuance page which performs the 
::ommunication link to said Cookie issuance means which writes in said Cookie to said browser from said 
generated issuance domain information and said domain information is generated, and the information processing 
system characterized by answering a browser is obtained. 

[0020] Moreover, according to this invention, in said information processing system, said Cookie issuance means 
generates said Cookie from said authentication information described in said Cookie issuance page received by 
said browser, and said domain information, and the information processing system characterized by writing the 
Cookie concerned in a communication link demand from said browser at said browser is obtained. 
[0021] According to this invention, it sets to said information processing system. Moreover, said Cookie 
acquisition means In the service server which provides a user with various services on the Internet By reading 
said Cookie which said Cookie issuance means wrote in said browser, and comparing said authentication 
information described in the Cookie concerned with said authentication information accumulated in said 
authentication condition storage means The information processing system characterized by Judging whether 
said browser is already attested is obtained. 

[0022] Moreover, while carrying out the function of the authentication server which publishes Cookie to a 
computer based on the demand of a client according to this invention It is the authentication server program 
which operates in harmony with the service server program equipped with whether said Cookie is attested in the 
service server, and the function to judge. Retrieve the information on the Internet which operates on said client, 
and the demand from the browser to display is received. An authentication means to attest the user using said 
browser from the individual humanity news memorized by the individual humanity news storage means, and to 
accumulate the information about authentication in an authentication condition storage means. The issuance 
domain information that the Internet domain name which publishes Cookie for writing information in a browser 
memorized by the issuance domain storage means is expressed is acquired. An issuance domain acquisition 
means to generate the domain information showing the domain attribute of said Cookie. A Cookie issuance page 
sending-out means to transmit the Cookie issuance page for writing in said Cookie to said browser. While making 
it function as a Cookie issuance means which writes in said Cookie to said browser to the demand from said 
browser It processes in harmony with the name resolution server program operated as a name resolution server 
which uses a domain name solution means for a computer, and is changed into the communication link address 
from the Internet domain name. The Internet domain name froni which plurality differs is related with the 
communication link address of said one authentication server, and the authentication server program 
characterized by making it function on a computer as performing authentication processing in common is 
acquired from said two or more service servers. 

[0023] According to this invention, it sets to said authentication server program. Moreover, said authentication 
means Identification information, such as a user s ID and a password, from said browser Reception, If the 
authentication information about a user will newly be created and it will accumulate in said authentication 
condition storage means as compared with said identification information accumulated in said individual humanity 
news storage means, if a match is in said individual humanity news storage means, and there is no match While 
having the function which notifies authentication failure to said browser, said service server program The Cookie 
published with said Cookie issuance means is read, and the authentication server program characterized by 
being a program for operating as a computer whether the user using said browser is attested as a Cookie 
acquisition means to judge is acquired. 

[0024] Moreover, according to this invention, in said authentication server program, said issuance domain 
acquisition means acquires said issuance domain information from said issuance domain storage means, and the 
authentication server program characterized by generating the domain information which deleted the character 
string showing said authentication server from said issuance domain information is acquired. 

[0025] According to this invention, it sets to said authentication server program. Moreover, said Cookie issuance 
page sending-out means It acquires with said authentication information generated with said authentication 

filo- / .mor^^o onri f^of+lncr^s^ni ihlir^O.'^MMx/ n^r-i im^ntc^. IPr>FnM. IP-A-90n?-?.'^fiRR? html 9004/1 2/22 



JP-A-2002-236662 



8/1 Z 



neans, and said issuance domain acquisition means. Said Cookie issuance page which performs the 
communication link to said Cookie issuance means which writes in said Cookie to said browser from said 
generated issuance domain information and said domain information is generated, and the authentication server 
urogram characterized by answering a browser is acquired. 

0026] Moreover, according to this invention, in said authentication server program, said Cookie issuance means 
generates said Cookie from said authentication information described in said Cookie issuance page received by 
>aid browser, and said domain information, and the authentication server program characterized by writing the 
Dookie concerned in a communication link demand from said browser at said browser is acquired. 
0027] According to this invention, it sets to said authentication server program. Moreover, said Cookie 
acquisition means In said service server which provides a user with various services, it functions on the Internet. 
Said Cookie issuance means by reading said Cookie written in said browser, and comparing said authentication 
nformation described in the Cookie concerned with said authentication information accumulated in said 
authentication condition storage means It has the function to judge whether said browser is already attested, 
and the authentication server program characterized by cooperating with said service server is acquired. 
:0028] 

[Embodiment of the Invention] Hereafter, it explains, referring to a drawing about the gestalt of operation of this 
nvention. 

[0029] D rawing 1 is drawing showing the configuration of the information processing system by the gestalt of 
operation of this invention. 

[0030] It has the name resolution server 2 for changing into the actual communication link address, two or more 
service servers 3 to which the World-Wide-Web server (WWW server) for providing a user with service through 
the Internet actually is operating, and the authentication server 4 which attests by performing log in processing 
of a user from many and unspecified clients 1 which a general user uses in information processing system 10 as 
shown in drawing 1 . and the identifier on the Internet, and is constituted. Here, the client 1, the name resolution 
server 2, the service server 3, and the authentication server 4 are connected through networks, such as the 
Internet, A name resolution server program, a service server program, and the authentication server program 4 
can be made to perform each function of the name resolution sen/er 2, the service server 3. and an 
authentication server 4 to a computer, respectively. 

[0031] On a client 1, the browser 11 is operating, it communicates with the name resolution server 2, the service 
server 3, and an authentication server 4. and the resource on a server is acquired. 

[0032] Moreover, the domain name solution means 12 is operating on the name resolution server 2, and 
transform processing from the host name which showed the host on the Internet based on the information 
memorized by the domain information storage means 151 to the actual communication link address is performed. 
Generally the domain name solution means 12 is called a domain name server (DNS), and is specified to No. 1034 
of RFC which described the criterion of the Internet, and No. 1035. 

]0033] A table 1 shows the example of a content of the domain information record means 5. 
:0034] 

:A table II 







wv. j r-odekake. net 


123.4.5.6 


WW. j rvest- CO- jp 


10-5.6.7 



[0035] The example shown in a table 1 shows that the host name "www.jr-odekake.net" is changed into the 
communication link address "123.4.5.6", and the host name "www.jrwest.co.jp" is changed into the 
communication link address "10.5.6.7." 

[0036] The domain name solution means 1 2 may be operating in cooperation on two or more name resolution 
servers 2, and may also have two or more domain information storage means 5. 

[0037] The WWW server is operating to the service server 3, and a letter is answered [ communication link / 
using HTTP from a browser 1 1 ] in reception and a resource. This WWW server has the expanded capability of a 
server, and the Cookie acquisition means 13 for acquiring the authentication information accumulated in the 
browser 1 1 as Cookie using the device concerned is operating. 

[0038] Moreover, the WWW server which is the same as the service server 3, or has this function also on an 
authentication server 4 is operating, and reception and log in processing are performed for the communication 
link using HTTP from a browser 11. This WWW server has the expanded capability of a server. The device is 
used. The log in demand from a browser 1 1 It receives. Actual log in processing When the authentication means 
14 and log in to perform are successful, Cookie The domain information to publish A browser 1 1 is received 



4::i«. //r>.Vn«r*.,r«an+o ar»H Qofl-inorc^rM ihlii^n.'^^Mx/ nnr-.l imAntQ^. IPOFn¥JP-A-9nn7-?.'^fififi? html 



2004/12/22 



JP-A-2002-236662 



9/12- 



actually, the Cookie issuance page sending-out means 1 6 for sending out the Cookie issuance page for writing in 
Dookie to a browser 11 based on the domain information acquired with the issuance domain acquisition means 
15 and the issuance domain acquisition means 15 of acquiring — The Cookie issuance means 17 for publishing 
3ookie is operating. Moreover, the issuance domain storage means 8 for accumulating the host name of the 
authentication server 4 which publishes the authentication condition storage means 7 and Cookie for 
accumulating the authentication condition of the individual humanity news storage means 6 for accumulating the 
ndividuai humanity news of the user using a browser 1 1 and a browser 1 1 is connected to the service server 3 
and the authentication server 4. 

]0039] The individual humanity news storage means 6. the authentication condition storage means 7. and the 
ssuance domain storage means 8 may be mounted in a world wide web server in order to mitigate the time and 
2ffort of a system construction. 

]0040] As an example of the gestalt of operation of this invention, three service servers 3 exist and suppose 
that the host name had the identifier of "www.jr-odekake.net", "www.nec.cojp", and "ecsitejrwest.cojp." At 
this time, domain information on each service server 3 is set to "jr-odekake.net", "nec.co jp". and "jrwest.co jp. 

[0041] The authentication server 4 in the gestalt of operation of this invention adds the character string which 
shows that it is an authentication server 4 to the domain information for each servers, and has two or more host 
names in it. For example, when the character string which shows that it is an authentication server 4 is set to 
'ninsyou", it has three identifiers, "ninsyou.jr^odekake.net", "ninsyou.nec.cojp" and "ninsyou jrweslcojp." Only 
the number of the classes of domain information on the service server 3 that the host name which an 
authentication server 4 has here attests in common has a host name. When two or more of a certain service 
servers 3 have the same domain information, an authentication server 4 should just have one host name to the 
domain information. 

[0042] The following table 2 shows the example of the domain information storage means at this time. 
[0043] 

[A table 2] 







www. jr-odekake. net 


123.4.5. 6 


niasyou- j r-odekake. net 


123.4.5. 100 


www. nec. co. j p 


192, 168, 1, 10 


niasyou. nec. co. jp 


123.4.5.100 


ecsite. jrwest.co. jp 


10.5.6.8 


nlosyou. j rwest. co. jp 


123.4.5. 100 



[0044] As shown in the above-mentioned table 2. each service server is registered as "www.jr^odekake.net", 
"www.nec.co.jp", and "ecsite.jrwest.co.jp". and each communication link address is set up with "123.4.5.6". 
"192.168.1.10". and "10.5.6.8." Moreover, the host name corresponding to each service server 3 of an 
authentication server 4 is registered as "ninsyou.jr-odekake.net", "ninsyou.nec.cojp", and "ninsyouJrwest.co.jp , 
and since each host name points out the same authentication server 4, the communication link address becomes 
the same thing. When the communication link addresses which show the authentication server 4 memorized by 
the domain Information storage means 5 here differ, you may make it the same communication link address 
eventually shown using a device with the conversion function of the communication link address which controls 
a communicative path and which is generally called a router and a switch. Moreover, when an authentication 
server 4 equips two or more communication equipment and can use two or more communication link addresses, 
the communication link address which shows the authentication server 4 memorized with the domain information 
storage means 5 may be shown by two or more communication link addresses. 

0045] A table 3 shows the domain information which the issuance domain storage means 8 at this time has. 
:0046] 

;A table 3] 

ninsyou.jr-odekake.net 
niasyou. nec. co. jp 
ninsyou. j rwest, co. j p 



filoV/n S^nnniim^ntc anH .<^fttf incrR^ni ihllr.O.'^VMv nor.ijmftnt5?¥J POEnMJP-A-7002-23fi6fi7.htm I 



2004/12/22 



JP-A-2002-236662 



10/1Z 



*0047] Drawing 2 is flow chart drawing showing the actuation about log in processing of a user. 
^0048] Log in processing of a user is explained based on the above example, referring to drawing 2 . 
[0049] First, an authentication server 4 receives ID and password of the user who uses the browser 1 1 with the 
authentication means 14 on a WWW server from a browser 1 1 (step SI). If it is the information which can specify 
jsers, such as fingerprint information, at this time, you may use as a substitute of ID and a password. The 
authentication means 14 which received ID and a password compares ID and the password which were received 
From ID and the password which are accumulated in the individual humanity news storage means 6, and the 
Drowser 1 1 (step S2). 

]0050] A table 4 shows an example of the individual humanity news storage means 6 at this time. 



:oo5i] 




[A table 4] 




ID 


7 - K 


XYZOOOOl 


QLslJDll 







[0052] As shown in the above-mentioned table 4. this example shows that the password of the user of ID 
^'XYZOOOOl" is "QLsiJD1 1." With the individual humanity news storage means 6, the information on the name 
about a user, an address, etc. may be collectively memorized besides said ID and password Moreover, the 
information on ID, a password, etc. may be enciphered by a certain code approach. Next, as a result of the 
comparison of ID and a password, it checks whether it is in agreement (step S3), and when not in agreement, 
authentication failure is notified to a browser 1 1 and log in (step S4) processing is ended. When in agreement, 
the authentication information which shows that a browser 1 1 is authentication ending is generated (step S5). As 
long as this authentication information serves as a peculiar value every browser 11, what kind of value is 
sufficient as it. The generated authentication information is accumulated in the authentication condition storage 
means 7 with ID (step 56). 

[0053] A table 5 shows an example of the authentication condition storage means 7 at this time. 
[0054] 

[A table 5] 



ID 




XYZOOOOl 


I0J99312-3333id 







[0055] The example shown in a table 5 shows that ID "XYZOOOOl" is attested for authentication information 
"lOJ99312-3333jd." At this time, with the authentication information storage means 7, the time amount at the 
time of a log in success etc. may be accumulated other than said ID and authentication information, and you may 
use for time-out processing etc. Next, the issuance domain acquisition means 15 acquires the issuance domain 
information on Cookie from the issuance domain storage means 8 (step S7). 

[0056] "ninsyou.jr-odekake.net", "ninsyou.nec.co.jp", and "ninsyou.jrwest.coJp" are acquired in the example of a 
table 3. The issuance domain acquisition means 1 5 creates the domain information which deleted the character 
string which shows an authentication server 4 from the acquired issuance domain information (step S8). "jr- 
odekake.net", "nec.co.jp", and "jrwest.cojp" are created in the aforementioned example. Next, the Cookie 
issuance page sending^out means 1 6 creates a Cookie issuance page based on the authentication information 
generated and acquired at steps S5, S7, and SB, issuance domain information, and domain information, and 
answers a browser 1 1 (step S9). 

[0057] Drawing 3 is drawing showing the example of the Cookie issuance page in said example. To be shown in 
drawing 3 , this Cookie issuance page is described with the description language generally called HTML, and can 
order various processings to a browser 1 1 by being interpreted by the browser 11. It is detailed to "HyperText 
Markup Language Home Page" acquirable by URL of "http://www.w3c.org/MarkUp/" about HTML. 
[0058] the description about the Cookie issuance among the HTML description shown by drawing 3 — 
<FRAME .... it is the line shown by >. <FRAME ... > orders a browser 1 1 1 to access URL shown according to the 
item of solvent refined coal. For example, <FRAME soIvent-refined-coal="http://ninsyou Jr-odekake.net/cookie? 
CJD=IOJ9931 2-3333 jd&DOM_NAME=jr-odekake.net" > As opposed to the Cookie issuance means 17 specified 
by the identifier of cookie from the authentication server 4 shown by ninsyou.jr-odekake.net It was specified as 
the argument by having made domain information on Cookie "jr-odekake.net" into DOM.NAME, having used 
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Authentication information "lOJ99312-3333jd" as CJD, and the browser 11 is ordered to access. At this time, a 
Drowser 1 1 is <FRAME. ... [ ... > description may be used. ] It has, when > description cannot be processed, and 
CNOFRAI\/IES> description is used, and it is <FRAME... It is <IMAGE instead of > description. Moreover, <FRA[\/IE 
described to a Cookie issuance page ... > is set only to one, performs description which calls the Cookie 
ssuance means 17 accessed by other host names during the reply of the Cookie issuance means 17, and may 
De made to publish Cookie one by one. The browser 11 which received the Cookie issuance page accesses the 
3ookie issuance means 17 on an authentication server 4 according to the HTML description in a page (step 
310). The Cookie issuance means 17 creates Cookie information by making into a domain attribute domain 
nformation which specified the authentication information described as CJD as a value of Cookie, and was 
specified as DOM.NAME in URL at the time of access, and writes it in using the Set-Cookie header of HTTP 
described above to the browser 1 1 (step S1 1). For example the Cookie issuance means 17 — <FRAME When 
called by HTML description of soIvent-refined-coal="http://ninsyou.jr-odekake.net/cookie?C_ID=IOJ9931 2-3333 
id&DOM_NAME=jr-odekake.net" >, "lOJ99312-3333jd" and domain information serve as [ authentication 
information ] "jr-odekake.net". The Cookie issuance means 17 "Set-Cookie : CJD=IOJ99312-3333jd The 
leader; domain=jr-odekake.net" is transmitted to a browser 11. As the browser 11 which received this header 
Afas described above, the Cookie issuance means 17 is referred to by the host name of "http://ninsyou.jr- 
odekake.net", since the domain attribute "jr-odekake.net" specified as Cookie is included, the writing of Cookie 
is permitted, and a value saves [ an identifier ] the Cookie of "lOJ99312-3333jd" by "CJD." Only the part of the 
<FRAME> description the browser 1 1 is described to be in the Cookie issuance page repeats step S10 and step 
S11. 

[0059] In the example, although the Cookie issuance means 1 7 on ninsyou.jr-odekake.net, ninsyou.nec.co jp. and 
ninsyou.jrwest.co.jp will be referred to, this shows the communication link address to the same authentication 
server 4 altogether as it is shown in a table 2. 

[0060] On the browser 1 1 which succeeded in the log in, the Cookie for each service server 3 on a local area 
network is written in by the above step of SI -S1 1. 

[0061] Next, drawing 4 is drawing with which explanation of the service server's 3 which offers the service for 
specific users authentication processing of access from a browser 1 1 of a carrier beam case is presented. If 
drawing 4 is referred to, when the service server 3 has access from a browser 11, a browser 11 will investigate 
first whether authentication information is transmitted as Cookie (step S21). If the step of steps S1-S11 which 
the browser 1 1 mentioned above is performing log in processing at this time, as described above, a browser 1 1 
will add a Cookie header during the HTTP communication link to an authentication server 4. and will transmit the 
authentication information memorized as Cookie by this Cookie header to an authentication server 4. 
[0062] If the browser 1 1 has not transmitted authentication information as Cookie, by the authentication server 
4, authentication information is unreceivable, and the browser 1 1 refuses the service for specific users noting 
that it is not attested (step S22). If authentication information is receivable as Cookie by the authentication 
server 4, it will investigate whether the authentication information concerned is accumulated with the 
authentication condition storage means 7 (steps S23 and S24), At this time, in order to raise safety, processing 
whose authentication information concerned checks whether it is the right using a code technique etc. may be 
performed. If the received authentication information is not accumulated with the authentication storage means 
7. the service for specific users is refused noting that it is ur\just authentication information (S25). If the 
received authentication information is accumulated in the authentication storage means 7. the accessed browser 
11 will presuppose that it is already authentication ending, and will permit utilization of the service for specific 
users to a browser 1 1. By each step of steps S21-S26. the browser 1 1 which each service server 3 has 
accessed can distinguish whether it is authentication ending. In addition, when the service for specific users is 
refused in each step of steps S22 and S25. a transfer etc, may be processed and the log in processing by the 
authentication server 4 may be demanded from a user. 

[0063] As mentioned above, in order to raise safety to the communication link between step SI - the client 1 in 
each step of S1 1, S21-S26 and the service server 3 and an authentication server 4, it is desirable to encipher 
the content of a communication link. Make it moreover, more desirable to operate on the same local area 
network in the service server 3, an authentication server 4, the individual humanity news storage means 6. the 
authentication condition storage means 7. and the issuance domain storage means 8 in order to raise safety. 
Moreover, it is more desirable to use the communication device with a browser 1 1 generally known as a fire wall 
in the case of a communication link, and to raise communicative safety. 
[0064] 

[Effect of the Invention] As explained above, the user who uses the browser by using this invention Since 
authentication information will be shared by two or more service servers from which a domain differs once it 
merely logs in. The time and effort which redoes a log in for every server is lost, and it becomes easy for this to 
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ulde the user using a certain service server to the service server which is operating on other domains. The 
iformation processing system to which the number of users using service can be made to increase can be 
ffered. 

3065] Moreover, in this invention, the Internet domain name to which the user who could give his name and was 
ased on the content of service tends to memorize what kind of Internet domain name in case each service 
erver is built can be used, this becomes possible to impress the Internet domain name of a service server 
eeply to many and unspecified users, and the information processing system to which the number of users 
sing service can be made to increase can be offered. 
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DESCFUPTION OF DRAWINGS 



[Brief Description of the Drawings] 

'Drawing 1] It is the block diagram showing the information processing system by the gestalt of operation of thss 

nvention. j - i * 

"Drawing 2] It is flow chart drawing with which explanation of the information processing system of drawing 1 of 

operation is presented. 

[Drawing 3] It is drawing showing an example of the Cookie issuance page published by the information 
processing system of the gestalt of operation of this invention. 

[Drawing 4] It is flow chart drawing showing judgment processing of the attested browser in the service server of 
the information processing system by the gestalt of operation of this invention. 
[Description of Notations] 

1 Client 

2 Name Resolution Server 

3 Service Server 

4 Authentication Server 

5 Domain Information Storage Means 

6 Individual Humanity News Storage Means 

7 Authentication Condition Storage Means 

8 Issuance Domain Storage Means 

1 0 Information Processing System 

11 Browser 

12 Domain Name Solution Means 

13 Cookie Acquisition Means 

14 Authentication Means 

1 5 Issuance Domain Acquisition Means 

16 Cookie Issuance Page Sending-Out Means 

17 Cookie Issuance Means 
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